<?php

/**
 * @author	barbarosalcin
 * @desc	ajax forum
 * @version	$Id: 20110317
 * @package	ajax
 */

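/*
 * Request handling for the ajax forum actions (edit / new / reply / delete).
 *
 * Flow: every POST field is exported into a local variable of the same name,
 * the session is checked, the action from $req['get']['act'] is executed and
 * the JSON header/message for the action is looked up. Any failure sets $error
 * and jumps to the `end` label; the including file is expected to emit the
 * response from $error / $data_json.
 *
 * $tk, $req, $config, $lang, $type and $postman_type are provided by the
 * including file; FORUM_TABLE and ADMIN are constants defined elsewhere.
 */
foreach ( $_POST as $key => $value )
{
	// Only flat string fields are handled. An array-valued field (name[]=...)
	// would make strip_tags() throw a TypeError, so it is skipped instead.
	if (! is_string($value))
	{
		continue;
	}

	// A request field must not be able to clobber the variables this script
	// itself relies on ($tk carries the session/db/postman objects that gate
	// every branch below; the others are written or read further down).
	if (in_array($key, ['tk', 'req', 'config', 'lang', 'error', 'data_json', 'sql', 'result', 'key', 'value'], true))
	{
		continue;
	}

	// Drop line breaks in a single pass. Replacing "\n" before "\r\n" left the
	// "\r" of every Windows line ending behind, because the second replacement
	// could no longer match anything.
	$value = str_replace(["\r\n", "\r", "\n"], '', $value);
	$value = preg_replace('%^<br />$%', '', $value);

	$_POST[$key] = $value;
	${$key} = strip_tags($value);
}
// @todo: fix + language


if (!$tk->session->data['session_logged_in'])
{
	$error = 'logged_in';
	goto end;
}

// NOTE(review): no CSRF / request-origin token check is visible in this file;
// confirm the including bootstrap enforces one before these state-changing
// actions are reachable.

// $id is only ever used as a numeric primary key or topic_id, so normalise it
// once. Interpolating the raw request value into the SQL below would otherwise
// be an injection point in the edit, reply and delete branches.
$id = isset($id) ? (int) $id : 0;

switch ($req['get']['act'])
{
	case 'edit' :
		
		if($tk->session->data['user_level'] != ADMIN)
		{
			$error = 'unauthorized';
			goto end;
		}
		
		if ((! $title && ! $content) || $id === 0)
		{
			$error = 'data_required';
			goto end;
		}
		
		$content = strip_tags($content);
		$title = strip_tags($title);
		
		// SECURITY: $title and $content are still interpolated unescaped; quote
		// characters survive strip_tags(). They need to go through the DB
		// layer's escaping or bound parameters (its API is not visible here).
		$sql = "update " . FORUM_TABLE . " set content='$content',title='$title' where id='$id'";
		
		if (! ($result = $tk->db->sql_query($sql)))
		{
			$error = 'sql';
			goto end;
		}
		
		// Zero affected rows also happens when the row exists but nothing
		// changed, so an edit that re-submits the same text reports 'undefined'.
		if (! $tk->db->sql_affectedrows($result))
		{
			/* @todo hmm */
			
			$error = 'undefined';
			goto end;
		}
	
	break;
	
	case 'new' :
		if (! $title || ! $content)
		{
			$error = 'data_required';
			goto end;
		}
		
		$content = strip_tags($content);
		$title = strip_tags($title);
		
		// topic_id 0 marks a top-level post. SECURITY: $title/$content are
		// interpolated unescaped here as well (see the edit branch).
		$sql = "insert into " . FORUM_TABLE . " (status,createtime,title,content,topic_id,user_id,post_ip) VALUES('1','{$config['time']}','$title','$content','0','{$tk->session->data['user_id']}','{$tk->session->data['session_ip']}')";
		
		if (! ($result = $tk->db->sql_query($sql)))
		{
			$error = 'sql';
			goto end;
		}
	
	break;
	
	case 'reply' :
		
		if ((! $title && ! $content) || $id === 0)
		{
			$error = 'data_required';
			goto end;
		}
		
		$content = strip_tags($content);
		$title = strip_tags($title);
		
		// $id is the parent topic. SECURITY: $title/$content are interpolated
		// unescaped here as well (see the edit branch).
		$sql = "insert into " . FORUM_TABLE . " (status,createtime,title,content,topic_id,user_id,post_ip) VALUES('1','{$config['time']}','$title','$content','$id','{$tk->session->data['user_id']}','{$tk->session->data['session_ip']}')";
		
		if (! ($result = $tk->db->sql_query($sql)))
		{
			$error = 'sql';
			goto end;
		}
	break;
	case 'delete' :

		if ($tk->session->data['user_level'] != ADMIN)
		{
			$error = 'unauthorized';
			goto end;
		}

		
		// A non-numeric id used to pass the old truthiness check and then be
		// compared as 0 by the database, which with "or topic_id = 0" would
		// have removed every top-level post. Reject id 0 explicitly instead.
		if ($id === 0)
		{
			$error = 'data_required';
			goto end;
		}

		// Removes the post and every reply attached to it.
		$sql = "delete from ".FORUM_TABLE." where id='$id' or topic_id = '$id'";
		if(!($result = $tk->db->sql_query($sql)))
		{
			$error = 'sql';
			goto end;
		}
		
	
	break;
	default :
		$error = 'undefined';
		goto end;
	break;
}

$data_json['header'] = $lang['json'][$type][$req['get']['act']]['header'];
$data_json['message'] = $lang['json'][$type][$req['get']['act']]['message'];

sendmail:
// NOTE(review): $postman_type is not set in this file; if it arrives via the
// POST export loop above, the client chooses which mail is sent — confirm it
// is set by the including file instead.
if ($postman_type != '')
{
	$tk->postman->ishtml(true);
	
	if (! $tk->postman->sendmail($postman_type))
	{
		
		$error = 'sendmail';
		goto end;
	}
}
end: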